Anonymity on the Internet is one of the premiere enticements by many users. The fact that a person can pose as someone else, or create a pseudonym, screen-name, or make up an entirely new identity appeals to many. Currently, there is no official tally on the number of 'anonymous' surfers. But, sites like anonymizer.com reinforce the conclusion that a market exists for those who want to remain anonymous.

A recent decision of the U.S. Court of Appeals for the Ninth Circuit has to provide anyone who is concerned about anonymous surfing some pause. According to that appellate court, entering a Web site under false pretenses can be a violation of the Wiretap Act and the Stored Communications Act, and potentially expose the entering business or individual to civil damages.

On January 8, 2001, the Ninth Circuit ruled in Konop v. Hawaiian Airlines, Inc [2001 Daily Journal Daily Appellate Report 311] that accessing a Web site under false pretenses could be considered illegal interception of information. This potentially subjects the impersonator to liability under both the Wiretap Act [18 U.S.C. ?? 2510-2520] and the Stored Communications Act [18 U.S.C. ??2701-2710].

Reversing a judgment entered by district court for the Central District of California on these counts, the Ninth Circuit entered the fray on what could mean the end of anonymity without liability.

Privacy rights activists have focused our attention on data collection, and the use of that data by the unscrupulous marketers who will spam us with their wares. As early as 1996, writers and commentators were recognizing the privacy connection to the right to anonymity [See, e.g., Perritt, Law and Information Superhighway ?3.33 and citations collected thereat]. Reasonable concerns of privacy and data collection aside, anonymity without liability may soon be coming to an end.

Businesses routinely police the Internet for defamatory remarks about their products. The popularity of sites which contain the business' name and followed by 'sucks.com' are routinely registered by those who want to comment about the business, and those businesses which want to prevent such commentary. But, what happens when a business enters a site under an assumed name, to avoid detection? Is this wrong? Maybe.

Mr. Konop was a pilot for Hawaiian airlines. He created and maintained a Web site in which he posted bulletins that were critical of his employer, its officers, and union. According to the court, much of the criticism hosted on the site focused on his opposition to concessions, which Hawaiian sought from the union.

Critical to the Court's analysis was that access to the Web site was controlled by a login procedure utilizing a user name and password. The site had been created to allow other Hawaiian Airlines employees to register under their names, enter a password, and then gain access by agreeing not to reveal the site's content. Hawaiian Airlines management and union representatives were not allowed access.

Hawaiian's management learned of the existence of the site. Its vice-president logged on by borrowing two other non-management employees' names. With their permission, he agreed to the terms and conditions for using the Web site [i.e., nondisclosure of the site's content]. Hawaiian's president was informed and became upset that he appeared to be accused of fraud and other bad acts in bulletins posted by Konop.

Thereafter, Konop was contacted by the union and was counseled about the site's content, the disparaging remarks about the president, and the fact that the president of Hawaiian was considering filing a defamation suit against Konop. In response, Konop initially took the site down. He later put it back up, and after learning how Hawaiian had obtained access to the information on the site, he filed the lawsuit.

Konop learned how the vice-president had logged on under the identities of other employees. He then filed suit against the Hawaiian Airlines, alleging among other things that it had engaged in illegal wiretapping. In the U.S. District Court for the Central District of California, Judge J. Spencer Letts ruled in favor of Hawaiian Airlines on these claims.

According to the appellate Court, protection against eavesdropping on modern electronic communications was added to the Wiretap Act and enacted in the Stored Communications Act by the Electronic Communications Privacy Act of 1986 [P.L. No. 99-508]. Under Title I, the act prohibits unauthorized 'interception' of 'electronic communications;' Title II prohibits unauthorized 'access' to 'a facility through which an electronic communication service is provided.' Accordingly, the Court felt that Hawaiian's entry into Konop's site fell within these prohibited acts.

Although the Court went on to note that there are exceptions to the prohibitions, these did not apply. For example, electronic communication that is readily accessible by the public is not prohibited from interception. Nor is there a prohibition on intercepting electronic communications if the party sending the communication has given permission.

Here, however, the fact that the Web site was secure, requiring the employee to log-in and enter a password, took it out of these general exceptions. The employees who had permission to log-on hadn't actually done so, Hawaiian's vice-president had. And, he did not have permission to do so. In short, impersonation of a party who has the right to access the site, does not convey permission to the impersonator to enter the site, and can be subject to liability under these acts.

Most of the surfing population is not attempting to view secure Web sites under assumed names. Most of the surfing population is not attempting to learn what people are saying about us. However, the lesson to be learned for all of us is that there can be legal consequences and potential legal liability in the event we enter a site under an assumed identity, with or without permission.